“Technology is an enabler that can help small businesses…but they need to not abdicate their responsibilities to themselves and the rest of the business community. A lot of small businesses play critical roles in the supply chain. So they need to take some rudimentary, low cost, but necessary steps to protect their own information security assets and make sure they are not the weak link in the overall community they serve,” Cooper, editorial director for BizTechReports, told Infosecurity.
Small businesses have typically not focused on information security except to put anti-virus software on their machines, Cooper said. “It’s a mistake for small business not to pay more attention to this issue.”
Small business should prioritize their information security needs so they can invest their limited budgets in places that will provide the most bang for the buck. “If customer data is important to you, you might want to consider encrypting that data….If having access to your applications is critical for you staying in business, then you might want to have anti-virus software and make sure your patches are continually updated. You might want to make sure you integrate this with your business continuity strategy, so you can quickly recover if a disaster occurs”, he said.
One option for small businesses is to use cloud computing. Cooper said that for small businesses, the use of a reputable cloud provider is a better information security move than trying to do it all themselves.
“If you are working with a reputable organization that you feel confident about, then the cloud solution probably has more security than a small business will ever be able to deploy on its own”, he said.
Cooper is author of the white paper Cyber Security Strategies for the Small Business Market, which was prepared for the Solutions for Small Business report series. In the white paper, he cautions small businesses about thinking that cybersecurity is something only big organizations need to worry about.
“It’s tempting to see cybersecurity as a problem unique to government agencies, large enterprises, or e-commerce players. While such sites are highly visible, cybercriminals are also paying closer attention than ever to so-called ‘soft targets’ such as small businesses. Why? Because bad guys have learned they have more luck attacking unguarded small businesses than enterprise fortresses.”
The white paper offers small businesses the following advice:
“For small businesses that rely on the internet and information technology, the cybersecurity challenge is one of balancing competing interests. In a tough economy, ‘a penny saved is a penny earned’. But it’s also true that ‘an ounce of prevention is worth a pound of cure.’ So how do small businesses best balance those seemingly competing interests when it comes to cybersecurity? First, by coming to terms with the fact that cyber crime never sleeps. Small businesses are soft targets that increasingly are coming under attack. Here’s the good news: there are affordable policies and products on the market that can make a big difference."